This copy is for your personal non-commercial use only. To order presentation-ready copies of Toronto Star content for distribution to colleagues, clients or customers, or inquire about permissions/licensing, please go to: www.TorontoStarReprints.com

Privacy watchdog’s office loses private information of employees

A data breach at the Office of the Privacy Commissioner of Canada has potentially exposed the private information of 800 current and former federal government employees.

Interim Privacy Commissioner Chantal Bernier said the data from a now-missing unencrypted hard drive is so raw only someone with the right software and technical expertise can read it. (Sean Kilpatrick / THE CANADIAN PRESS file photo)

By Graham LanktreeSpecial to the Star

Thu., April 24, 2014

A data breach at the Office of the Privacy Commissioner of Canada has potentially exposed the private information of 800 current and former federal government employees.

The office lost an unencrypted hard drive containing employee names, official ID numbers, salary information and details on overtime while moving headquarters in mid-February, Interim Privacy Commissioner Chantal Bernier told the Star. Those affected are current or former employees of the Office of the Privacy Commissioner and the Office of the Information Commissioner.

While Bernier told 180 people of the breach at a staff meeting last week, another 600 former employees are expected to be told by phone or mail within the next several days.

The missing orange and silver external drive, used for rebuilding server data, holds the privacy office’s budgeting system, which it shares with the Office of the Information Commissioner of Canada.

IT staff first noticed the drive was missing in mid-March when they had trouble setting up their servers after the move from Ottawa to Gatineau, Que., on Feb. 14. It wasn’t until April 9 that they realized the drive contained personal information.

Article Continued Below

Bernier was informed the next day and gave IT staff 24 hours to find out what was on it. “As we dug, we found out that there was a little bit more personal information than we thought,” she said. “We are still assessing the situation.”

Although the data reaches back to 2002, this kind of information is only supposed to be held for seven years, an email to staff confirms. But Bernier said the data is so raw only someone with the right software and technical expertise can read it.

“The drive does not contain anything that can be used for identity theft,” Bernier assured. However, extra precautions are being taken by Public Works through extra authentication to guard from fraud of public service pensions.

“To make sure that the employee number is not used to find out information about someone, we immediately notified Public Works” — which holds the data bank on pensions — she said.

The RCMP has not been called in to investigate since there is no indication of a criminal act. An internal investigation has been launched and will return its findings April 25.

“We have notified Parliament — both the ethics committee to which we report, as well as both speakers of the Senate and of the House (of Commons),” Bernier said.

NDP ethics critic Charlie Angus called the breach “an unfortunate situation,” but said “the way they have handled it is admirable.”

“They have informed people what was on the drive. It’s a really marked difference. When the government lost financial information about student loans, they sat on it. By and large the departments aren’t following the protocols.”

Ad Hoc Privacy Commissioner, and former deputy attorney general of Canada, John H. Sims, will need to decide if the incident warrants a full investigation. His position was established in 2007 to investigate the office’s actions under the Privacy Act.

Discovery of the breach comes after Industry Minister James Moore proposed to toughen the rules around data breaches for the private sector under the Digital Privacy Act.

Delivered dailyThe Morning Headlines Newsletter

The Toronto Star and thestar.com, each property of Toronto Star Newspapers Limited, One Yonge Street, 4th Floor, Toronto, ON, M5E 1E6. You can unsubscribe at any time. Please contact us or see our privacy policy for more information.

More from the Toronto Star & Partners

LOADING

Copyright owned or licensed by Toronto Star Newspapers Limited. All rights reserved. Republication or distribution of this content is expressly prohibited without the prior written consent of Toronto Star Newspapers Limited and/or its licensors. To order copies of Toronto Star articles, please go to: www.TorontoStarReprints.com